Clean up request - iLivid

I've read through several threads where people who have iLivid are assisted with removal. I've installed OTL and downloaded GMER in anticipation of being requested to run those but thought it might make sense to stop at this point for instruction from the experts here.

I get what I would call an overlay window when in IE9 or Firefox prompting me to watch video. I also get a pop-up window to a different search engine when I do a Google search. Also the machine has had delays in the keyboard input that only happen when entering text in a browser window. I will post OTL and GMER shortly.

I've read several other posts where people are cleaning up this infection. I downloaded any tools that were recommended and put them on a USB stick so I have them ready. I haven't run any except for DDS, GMER and OTL but have the other tools ready.

Hi, there are a lot of tools that say they remove it.
Eset found it. But... this is a back door intrusion; unless all of it is removed it can be back. A back door steals personal info and sends it home. I prefer to move you now and get the look rather than just rely on a few, although good, tools.

Interesting that Eset sees it. I was referring to just the suite of various tools bleeping computer malware experts request forum participants to download and use during the process. Just FYI, before coming here I ran the MSE offline scanner but it didn't detect intrusion. MSE is the AV in place. The machine is a 64-bit Windows 7 Pro SP1 running on a Dell Vostro 3700 laptop. It's set to download and install Windows Updates as they come through; once in a while Windows Updates restarts the machine at night.

My name is etavares and I'm here to help you with this issue. I don't see logs in your post. I'll need those to get started.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. Please also follow my instructions and do not do anything else on your own now that we are working together. We'll end up working against each other and that can create issues on your computer.

Hello, bwales.

We'll start with this. Let me know how your computer is running after completing all the steps.

Step 1

Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.

Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:

Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.

Right click the ERUNT icon on the desktop or the Start menu, and select Run as Administrator.

Click OK at the first message box.

Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.

Click OK.

Click Yes to create the new folder.

You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.

Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script

Please download OTL from one of the following mirrors if you do not still have it.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.

Double-click on mbam-setup.exe to install the application.

When the installation begins, follow the prompts and do not make any changes to default settings.

When installation has finished, make sure you leave both of these checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.

If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.

Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.

Make sure that everything is checked, and click Remove Selected.

When removal is completed, a log report will open in Notepad.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.